From 488030ee6f945e81a5fc038e3b334eab8ac31c81 Mon Sep 17 00:00:00 2001
From: Andreas Gampe <agampe@google.com>
Date: Tue, 30 Jan 2018 09:48:35 -0800
Subject: [PATCH] Statsd: Allow statsd to contact perfprofd in userdebug

Give statsd rights to connect to perfprofd in userdebug.

Test: mmma system/extras/perfprofd
Change-Id: Idea0a6b757d1b16ec2e6c8719e24900f1e5518fd
---
 private/perfprofd.te | 4 ++++
 private/statsd.te    | 3 +++
 public/perfprofd.te  | 6 +-----
 3 files changed, 8 insertions(+), 5 deletions(-)

diff --git a/private/perfprofd.te b/private/perfprofd.te
index 9c249fd9a..4da541032 100644
--- a/private/perfprofd.te
+++ b/private/perfprofd.te
@@ -2,3 +2,7 @@ userdebug_or_eng(`
   typeattribute perfprofd coredomain;
   init_daemon_domain(perfprofd)
 ')
+
+# Only servicemanager, statsd, su and systemserver can communicate.
+neverallow { domain userdebug_or_eng(`-statsd') } perfprofd:binder call;
+neverallow perfprofd { domain userdebug_or_eng(`-servicemanager -statsd -su -system_server') }:binder call;
diff --git a/private/statsd.te b/private/statsd.te
index c63cba92b..dfec7a482 100644
--- a/private/statsd.te
+++ b/private/statsd.te
@@ -30,6 +30,9 @@ allow statsd stats_data_file:file create_file_perms;
 binder_call(statsd, appdomain)
 binder_call(statsd, healthd)
 binder_call(statsd, incidentd)
+userdebug_or_eng(`
+  binder_call(statsd, perfprofd)
+')
 binder_call(statsd, statscompanion_service)
 binder_call(statsd, system_server)
 
diff --git a/public/perfprofd.te b/public/perfprofd.te
index d4062aaf9..494e75bed 100644
--- a/public/perfprofd.te
+++ b/public/perfprofd.te
@@ -113,9 +113,5 @@ userdebug_or_eng(`
 
   # Allow perfprofd to submit to dropbox.
   allow perfprofd dropbox_service:service_manager find;
-  allow perfprofd system_server:binder call;
-
-  # Only servicemanager, su and systemserver can communicate.
-  neverallow domain perfprofd:binder call;
-  neverallow perfprofd { domain -servicemanager -su -system_server }:binder call;
+  binder_call(perfprofd, system_server)
 ')
-- 
GitLab